Ransomware, the cyberattack that hijacks files
It gives the cybercriminal the ability to lock a device from a remote location and encrypt our files, taking control of all stored information and data and not releasing it until we pay a ransom. Can we prevent it?
Ransomware in the 21st century
Ransomware is one of the main cyber threats. There are more than 1,100 variants designed to attack businesses and private users. Technologies are becoming increasingly sophisticated. However, since 2019 there has been a considerable decrease in attacks on private individuals, and this is due to the fact that ransomware attacks are increasingly personalised towards specific targets. Attacks are directed at a smaller number of organisations and have a much higher success rate. Despite this, we must remain vigilant and adopt security measures that can protect us from these increasingly sophisticated threats. The digital currency, bitcoin, has become the currency of exchanges.
What are the attacks like, and how can they be prevented?
Ransomware can attack in two ways: firstly, by blocking entry into the operating system; and secondly, by encrypting documents and files stored on the hard drive, so that it is impossible to open or read them without the corresponding decryption key.
The advice given by experts to avoid a ransomware attack is the same as that which can be applied when surfing the Internet. Basic precautions, combined with common sense, can help to avoid these dangers. Some of the most basic are:
- Keep the operating system updated to avoid security breaches.
- Have a good antivirus product installed and updated.
- Do not open emails or files from unknown senders.
- Do not open attachments, even if the sender is known. If no file has been requested, it is better not to open it, as it could be malicious software that has infected a contact’s computer and has automatically spread among their contacts.
- Avoid browsing unsafe pages or pages with unverified content.
- Always have an up-to-date backup, it is the best way to avoid losing information.
- Using cloud storage services can help mitigate a ransomware infection.
What should we do if our computer has been infected by a ransomware attack?
There are a number of protocols for dealing with ransomware attacks.
The first step is to create a copy of the infected hard drive. This leaves the main computer intact in case the files are corrupted when we try to decrypt them. This way we can always go back to square one. Also, if necessary, this copy could be used as evidence in a judicial investigation.
Secondly, disinfect the copy using an antivirus software. If you manage to free the documents, you can prevent the malware from re-encrypting them. The system would then be clean, but all affected files would still be encrypted.
The third step is to use a tool that helps identify the malicious code variant that has attacked the system. Once the tool has recognised the code, apply the decryption programme best suited to the ransomware variant that affects you. It is possible that the decryption programme does not work, or that there is still no solution for the ransomware that has affected the computer; in this case, keep the encrypted hard drive in case a solution appears in the future.
Another option is to contact a cybersecurity company, where technical experts in this malware will try to find a customised solution to the encryption.
The first ever ransomware victim
The first person to suffer a ransomware attack was Eddy Willems, a worker at an insurance company in Belgium. In 1989 his boss asked him to check what was on a floppy disk he had received from the WHO. The diskette was expected to contain medical research on AIDS, but when he loaded it, he found a message saying that the computer had been locked and that he had to make a deposit of $189 to an address in Panama.
This is known as the world’s first ransomware attack and was called AIDS Trojan. The author of this attack was Joseph Popp, one of those involved in AIDS research. Why he decided to do this remains unknown. This first ransomware case in history was much simpler and more naive than those currently being carried out.
If you liked this article, we recommend you read:
Are online payment methods secure?5 min read
Online shopping is becoming more widespread among all of us
How to protect ourselves from online scams4 min read
This type of digital crime has accelerated